Vulnerability Details CVE-2010-1165
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.048
EPSS Ranking 89.1%
CVSS Severity
CVSS v2 Score 9.0
References
- http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16
- http://jira.atlassian.com/browse/JRA-20995
- http://jira.atlassian.com/browse/JRA-21004
- http://secunia.com/advisories/39353
- http://www.openwall.com/lists/oss-security/2010/04/16/3
- http://www.openwall.com/lists/oss-security/2010/04/16/4
- http://www.securityfocus.com/bid/39485
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57828
- http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16
- http://jira.atlassian.com/browse/JRA-20995
- http://jira.atlassian.com/browse/JRA-21004
- http://secunia.com/advisories/39353
- http://www.openwall.com/lists/oss-security/2010/04/16/3
- http://www.openwall.com/lists/oss-security/2010/04/16/4
- http://www.securityfocus.com/bid/39485
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57828
Products affected by CVE-2010-1165
-
cpe:2.3:a:atlassian:jira:3.12
-
cpe:2.3:a:atlassian:jira:3.12.1
-
cpe:2.3:a:atlassian:jira:3.12.2
-
cpe:2.3:a:atlassian:jira:3.12.3
-
cpe:2.3:a:atlassian:jira:3.13
-
cpe:2.3:a:atlassian:jira:3.13.1
-
cpe:2.3:a:atlassian:jira:3.13.2
-
cpe:2.3:a:atlassian:jira:3.13.3
-
cpe:2.3:a:atlassian:jira:3.13.4
-
cpe:2.3:a:atlassian:jira:3.13.5
-
cpe:2.3:a:atlassian:jira:4.0
-
cpe:2.3:a:atlassian:jira:4.0.1
-
cpe:2.3:a:atlassian:jira:4.0.2
-
cpe:2.3:a:atlassian:jira:4.1